PHP 8.0.8: Downloads, Changelog, News

Release Information

Release: 8.0.8
PHP Version: PHP 8.0
Release Date: 2021 Jun 17
Release Type: Security Update
Release Status: EOL, Use PHP 8.0.30
Branch Status: Unsupported

PHP 8.0 reached EOL on 2023-11-26, and all releases of this version no longer receive security or bug fixes. Using PHP 8.0.8 is not recommended. PHP 8.0.30 is the latest version in the series.

PHP can be compiled by setting up the dependencies, building the configure script (./buildconf), configuring the build ./configure, and running make.
Detailed articles on how to compile PHP are available for Ubuntu/Debian based systems and Fedora/RHEL based systems.

Windows binaries

Non-Thread Safe Builds

Non-Thread Safe (NTS) builds are single-threaded PHP builds. They can be used on web servers that integrate PHP over FastCGI protocol, such as Nginx, Caddy, and IIS.

php-8.0.8-x64NTS.zip (25.39 MiB)

php-8.0.8-x86NTS.zip (23.54 MiB)

Thread-Safe Builds

Thread-Safe (TS) builds are multi-thread PHP builds, often used to integrate PHP as a Server API for multithreaded servers. The most common use case is using PHP as an Apache module.

php-8.0.8-x64TS.zip (25.50 MiB)

php-8.0.8-x86TS.zip (23.53 MiB)

Docker/Podman Containers

PHP CLI

PHP CLI Containers images only include the PHP CLI, and no FPM or Apache modules. The Alpine builds are lightweight, but may introduce incompatibilities due to their musl builds. Albeit their larger size, the Debian-based (without the "-alpine" suffix) images are more complete, and widely used.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.0.8-cli-alpine

Debian-based: More compatible with other components, complete, and are widely used.

docker pull php:8.0.8-cli

PHP CLI + Web Server Integration

These container images include PHP CLI, and a web server integration. FPM container images can be integrated with web servers such as Nginx, Caddy, and Apache with Event MPM. The Apache container images include Apache web server, integrating PHP as an Apache module.

Alpine-based: Lightweight, but may introduce incompatibilities due to their musl builds.

docker pull php:8.0.8-fpm-alpine

Debian-based ZTS Apache: Includes Apache web server integrating PHP as an Apache module.

docker pull php:8.0.8-apache

Debian-based NTS FPM: PHP-FPM, can be integrated with Nginx, Caddy, and other web servers over Fast CGI.

docker pull php:8.0.8-fpm

ChangeLog

Core

Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
Fixed bug #81068 (Double free in realpath_cache_clean()).
Fixed bug #76359 (open_basedir bypass through adding "..").
Fixed bug #81090 (Typed property performance degradation with .= operator).
Fixed bug #81070 (Integer underflow in memory limit comparison).
Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)

Bzip2

Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).

Fileinfo

Fixed bug #80197 (implicit declaration of function 'magic_stream' is invalid).

GMP

Fixed bug #81119 (GMP operators throw errors with wrong parameter names).

MySQLnd

Fixed bug #80761 (PDO uses too much memory).

OCI8

Fixed bug #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).

Opcache

Fixed bug #81051 (Broken property type handling after incrementing reference).
Fixed bug #80968 (JIT segfault with return from required file).

OpenSSL

Fixed bug #76694 (native Windows cert verification uses CN as sever name).

PDO_Firebird

Fixed bug #76448: Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)
Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)

readline

Fixed bug #72998 (invalid read in readline completion).

Standard

Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).

Windows

Fixed bug #81120 (PGO data for main PHP DLL are not used).

Commit List

Bob Weinand

Export ENV in .sh file generated by run-tests in 76a4ea5e2a
Fix null handling in test runner when printing env in c916613f13

Calvin Buckley

Enable net_get_interfaces on IBM i PASE in 4f51a11a84

Christoph M. Becker

Fix #81048: phpinfo(INFO_VARIABLES) "Array to string conversion" in 36b9bdeeec
Update version in php_version.h as well in 59522ba968
SimpleXMLElement::addAttribute() is a void function in 24d9527c75
Fix some imagecolor*() return types in 8bcaaa3579
Fix #76359: open_basedir bypass through adding ".." in ee9e07541f
Speed up ext/dba/tests/bug78808.phpt in c11b52de95
Fix typo in test case (doe → die) in 4ab434fa0e
Fix #76694: native Windows cert verification uses CN as sever name in 7fd48264de
Fix #81092: fflush before stream_filter_remove corrupts stream in a1738d8bd1
Fix #81120: PGO data for main PHP DLL are not used in 21f2ff79de
Fix test wrt. OPENSSL_CONF in d15e10d7ab
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL in 5a1fe88ac1
Fix #76452: Crash while parsing blob data in firebird_fetch_blob in 1edd284cd5
Fix #76450: SIGSEGV in firebird_stmt_execute in 8cb87aabba
Fix #76449: SIGSEGV in firebird_handle_doer in 921f320ec2
Fix #76448: Stack buffer overflow in firebird_info_cb in c8620a7531

Derick Rethans

Detect musl libc to not set tls_model attribute on that platform in 804420b011

Dimitry Andric

Fix bug #81068: Fix possible use-after-free in realpath_cache_clean() in 99a208566a

Dmitry Stogov

Fixed bug #80968 (JIT segfault with return from required file) in 6e2d47e071
JIT: Fixed incorrect condition (this leaded to in cce0cc8836
Don't assign to string offset after exception (This fixes in db309b2e4b
Add missing undefined variable warning an result initialization in bf21261c63
Fix register save/restore around calls. (This fixes in 025c0763e7
Disable ASSIGN + SEND_VAL fusion for cases when destroying of old value may throw an exception in 11a7310b49
Fixed bug #81051 (Broken property type handling after incrementing reference) in ac65f6af6e

Gabriel Caruso

Update NEWS file in 7fe7e315d3
Prepare for PHP 8.0.8 GA in b7cad0a47e
Update versions for PHP 8.0.8 in 73b5402048

Joe Watkins

Fix #77627 method_exists on Closure::__invoke in cfd4d3df0b
Fix #81076 Invalid implicit binds cause incorrect count in static vars of closure debug info in 213063f6ca
fix bug #72998 in 1143155fcb
fix bad refactor of #7136 in b10bcb4faa

Máté Kocsis

Fix imagesetclip() parameter names in 25e24715d7
Fix the return type of mysqli::connect() in 86ef34fc61
Fix the return type of mysqli_connect() in 97f7279353
mysqli_get_client_info() cannot return null in ceb0951fa5
Add a few missing RETURN_THROWS(); in 2d47447d66
Fix a few ext/phar return types in 9bba9f68df
Fix session cleanup in b165197f0f
Fix return type of SessionHandler::gc() in 6fb08f4607
Fix the return types in ext/snmp in GH-7068
Fixed bug #81088 error in regression test for oci_fetch_object() and oci_fetch_array() in a0af84bebd

Nikita Popov

Move preload_autoload assignment into preload_load() in 62a9f97381
Fix handling of open_basedir that contains cwd in ee7a8acde9
Pass flags to #[Attribute] on internal attributes in db6e60e744
Update func info for mysqli_connect in 9f6ee9f4d7
Fixed bug #80761 in 635303aec5
Fix session test in ddb550f1f8
Fixed bug #81090 in 82f6f6da67
Skip test without ZMM in d4f493b0b0
Try to fix libxml 2.9.12 tests in d818edeae2
Avoid MSVC unused variable warning in FastZPP in 3ee6a4b35f
Fixed bug #81104 in d8165c2502
Mitigation for bug #81096 in 3f4bc94b00
Fix bug #81119 in 087773879f
Fixed bug #80197 in 5dc31e0cb6
Regenerate arginfo file in b6fa386749

Peter van Dommelen

Fixed bug #81070 in 1b3b5c94e5

Remi Collet

Fix snmp build without DES in f9fd3595ec
zip extension is now 1.19.3 in 1671996ed7

Sara Golemon

Prep for 8.0.8 in 64918fee97

Stanislav Malyshev

Fix warning in 09f0efc067

Stéphan Kochen

Make tests compatible with libxml2 2.9.12 in f3d1e9ed06

twosee

Fix argument index in stream_select() in b751c24e23